Domain Migration of Windows server 2003 to 2008 R2 Active Directory

Posted on 2014-07-19
Medium Priority
Last Modified: 2014-07-24

I currently have two servers running Windows Server 2003 that I have started managing.

1. FileServ (File Server, DHCP, DNS, Active Directory)
2. PDC (DNS, Active Directory)

Recently I have started migrating servers into VMware using their P2V standalone converter, however I have read several articles that converting Active Directory servers is not supported. What is the best method of setting up two Windows Server 2008 R2 servers and migrating my 2003 Active Directory to the 2008 servers? I currently have two Windows Server 2008 VMs running:

1. DC01
2. DC02

I have found the following links on how to perform this migration, however there are not a lot of comments saying if the migration was successful or not. Here are the links:

1. http://siddarthsajjantechnotes.blogspot.com/2012/02/domain-migration_11.html
2. http://thetechnosolution.com/migrate-server-2003-to-server-2008/

Any direction in the best method to turn the two Server 2008 servers into my main AD, DNS servers would be a big help. Then I will simply P2V my fileserver after demoting and removing AD, DNS, and DHCP on my 2003 servers.
Question by:Jonathan Carpenter

Expert Comment

by:Parrish Chamberlain
ID: 40206407
Firstly, are you using Microsoft Virtual Machine Manager? Download it from here. Notes can be found here.

To create a virtual machine from a physical server

1. On the Actions pane in any view in the Virtual Machine Manager Administrator Console, click Convert physical server to open the Convert Physical Server Wizard.

2. On the Select Source page, configure the following options:
   Computer name. Type the computer name of the physical server that you want to use as the source for the new virtual machine, or click Browse to locate the server.
   User name. Type the name of a user account that has local Administrator rights and permissions on the source machine.
   Password. Type the user password.
   Domain. If the domain name field is not already pre-populated, type the name of the domain.

3. On the Virtual Machine Identity page, configure the following options:
   Virtual machine name. Accept the pre-populated virtual machine name, which is the same computer name as the name of the source physical server. Alternatively, you can type a different name.
   Owner. Accept the pre-populated value, DomainName\Username, to identify yourself as the owner of the new virtual machine. Alternatively, click Select to specify a different user or group as the owner. The account specified must be an Active Directory account.
   Description (optional). Type a description for the new virtual machine.

4. On the Gather Information page, click Gather System Information to begin a survey of the source machine that lists its hardware and software and identifies any missing components that are required for the P2V conversion. The wizard installs software on the source machine to gather the information but removes this software when the conversion is complete.

I have used this tool successfully; once converted, you can upload to your Virtual Architecture.


Author Comment

by:Jonathan Carpenter
ID: 40206461
Hello Parrish,

Thank you for the information, however I am using VMware vCenter for all of my virtualization. Virtualizing P2V is completed through the VMware standalone converter and it works great for me, however P2V conversion of AD servers is not supported (resulting in a basically dead AD server).

I am needing a set of solid instructions on the proper steps to migrate AD from 2003 to 2008 that has been used by others and proven to work. I have already set up two servers running Server 2008 R2 in my virtual environment that I will use for my AD Domain Controllers. The previous two links I provided in the initial question were steps to accomplish this, but there was limited feedback on how it worked.

At this time all I want to do is follow a solid plan to prep the Server 2003 server for AD migration, migrate all AD functions to my 2008 servers, then demote my 2003 servers, and of course have functioning AD for all of my users & computers without downtime. After this is done my Server 2003 file server will be able to P2V and my virtualization and AD migrations will be completed.

Accepted Solution

Sumit Gupta earned 2000 total points
ID: 40206797
LVL 38

Expert Comment

ID: 40207122
To migrate to 2008 R2:
You have already set up the 2008 R2 VMs, right?
Do not ever enable VM snapshots for these VMs.

Ensure that you are logged on to the 2003 server with an account that has Domain Admins, Enterprise Admins and Schema Admins membership.
Then, on the 2003 domain controller where you have all the FSMO roles running, insert the 2008 R2 DVD and browse to the support\adprep folder.
Run the commands below if your 2003 is 32-bit:
adprep32 /forestprep
adprep32 /domainprep
adprep32 /domainprep /gpprep
adprep32 /rodcprep    --- if you want to run RODC in domain in future


Run the commands below if your 2003 is 64-bit:
adprep /forestprep
adprep /domainprep
adprep /domainprep /gpprep
adprep /rodcprep    --- if you want to run RODC in domain in future

Now join the 2008 R2 server to the domain and run dcpromo on that server to promote it to ADC.
Once you have deployed ADC on both 2008 R2 machines, ensure that name resolution \ AD replication \ Sysvol replication is running fine.
Ensure the below:
All DNS zones must be populated on both servers
All servers' NS records \ CNAME records \ Host (A) records \ all zones are populated on both servers
Run net share on both servers to check that netlogon and Sysvol are shared out
Point each server to its own IP (Not for name resolution and keep another server as alternate DNS
Set your Internet DNS forwarders on the 2008 R2 servers
Transfer FSMO roles from the 2003 to the 2008 R2 servers
Then point all of your client computers and servers \ DHCP scopes to the 2008 R2 servers and shut down the 2003 servers for the time being
Check whether the 2008 R2 DCs are able to authenticate all client computers and servers
Run Netdom Query fsmo on all domain controllers and ensure that its output is the same across all domain controllers
Once all testing is over, you can simply demote the 2003 domain controllers

Last things to say:
Never use physical to virtual conversion for DCs if you have more than one DC; it works fine if you have only a single DC in the domain.
Never use \ take domain controller snapshots
Configure AD time sync on 2008 R2 domain controllers - http://support.microsoft.com/kb/816042

Remove DC VM integration with the physical host in the VM tools settings
LVL 24

Expert Comment

ID: 40210835
Configuring a DC either from clone/snapshot/image is not recommended. I recommend proceeding like this:
•Promote a new VM as a DC and make it a DNS and GC server
•Transfer all FSMO roles held by the DC to demote to this VM
•Check that all is okay with AD replication using dcdiag.exe and then demote the old DCs
Note that it is recommended to have at least two DC / DNS / GC servers per domain.

Adding first Windows Server 2008 R2 Domain Controller within Windows 2003 network

Hope this helps
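
Added example (not part of any reply in this thread): a PowerShell pre-demotion check that automates the "Netdom Query fsmo on all domain controllers" comparison and the SYSVOL/NETLOGON share check described in the comments above. The server names are taken from the question; the layout of the netdom output lines that the script parses is an assumption.

```powershell
# Added example, not from the thread. Run elevated on a 2008 R2 DC.
# Server names are the ones in the question; adjust them for your domain.
$newDCs = 'DC01', 'DC02'       # 2008 R2 DCs that should now hold every role
$oldDCs = 'FileServ', 'PDC'    # 2003 DCs waiting to be demoted
$problems = @()

# 1. Ask every DC who it believes holds the five FSMO roles.
$views = @{}
foreach ($dc in ($newDCs + $oldDCs)) {
    $roles = @{}
    foreach ($line in (netdom query "/server:$dc" fsmo 2>&1)) {
        # Assumed layout: "<role name>   <holder FQDN>", 2+ spaces between.
        if ("$line" -match '^(.+?)\s{2,}(\S+)\s*$') {
            $roles[$Matches[1].Trim()] = $Matches[2]
        }
    }
    if ($roles.Count -ne 5) {
        $problems += "${dc}: parsed $($roles.Count) FSMO roles, expected 5"
    }
    $views[$dc] = $roles
}

# 2. Every DC must report the same holder for each role as the first new DC.
$baseline = $views[$newDCs[0]]
foreach ($dc in $views.Keys) {
    foreach ($role in $baseline.Keys) {
        if ($views[$dc][$role] -ne $baseline[$role]) {
            $problems += "${dc}: '$role' = '$($views[$dc][$role])', expected '$($baseline[$role])'"
        }
    }
}

# 3. No role may still sit on a server that is about to be demoted.
foreach ($role in $baseline.Keys) {
    $holder = ($baseline[$role] -split '\.')[0]
    if ($oldDCs -contains $holder) { $problems += "'$role' is still held by $holder" }
}

# 4. Both new DCs must share SYSVOL and NETLOGON (what "net share" shows locally).
foreach ($dc in $newDCs) {
    $shares = @(Get-WmiObject Win32_Share -ComputerName $dc | ForEach-Object { $_.Name })
    foreach ($needed in 'SYSVOL', 'NETLOGON') {
        if ($shares -notcontains $needed) { $problems += "${dc}: $needed is not shared" }
    }
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'FSMO holders agree on all DCs; SYSVOL and NETLOGON are shared on the new DCs.'
```

The script expects the 2003 servers to be powered on again when it runs, since it queries every domain controller; any warning it prints means the 2003 servers should not be demoted yet.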
